Hi I Dont know if i am missing some setting RB2011 1iL-RM, because I cant route between two local subnets connected to a router.
Connecting to the internet on the same router works fine.
I have 3 separate networks connected to A Mikrotik RB2011 1iL-RM .
Subnet 1 - 10.0.3.0/24 ( Local Area network)
Subnet 2 - 10.0.16.0/24 ( Local Area network)
Subnet 3 - 10.0.0.0/30 (Link to an internet router on IP 10.0.0.1)
My Ethernet Ports are set up as follows:
ETH 2 10.0.0.2/30
ETH 3 10.0.16.1/24
ETH 4 10.0.3.1/24
The Mikrotik already created dynamic routes an I have added the following route for internet access.
0.0.0.0/0 gateway 10.0.0.1 Distance 1 ( i Have changed he distance to 10 just in case it takes over )
these are the dynamic Routes that the Mikrotik made
10.0.0.0/30 Ether2reachable Distance 0
10.0.16.0/24 Ether4reachable Distance 0
10.0.3.0/24 Ether4reachable Distance 0
I can connect to the internet but the Mikrotik does not route between the two local subnets ( 10.0.3.0/24 and 10.0.16.0/24) the Mikrotik can ping all the devices on both networks.
All devices have their gateway address setup correctly and can connect to the internet. I have opened up ICMP on all device firewalls.
Also I have no settings yet in the Mikrotik Firewall.
Is the Mikrotik routing out the wrong port?
Please assist.
Why you think Tik can’t route? If you see dynamic routes of LANs in routing table, then it routes. Try to traceroute between hosts in different subnets. If you can see first hop as his gateway IP and after trace is snaps, then host in destination just blocks ICMP.
When routes are present, two things to look at first:
the defaut route of the clients must be Mikrotik’s IP address in the same subnet (unless you have a more complex routing configured at the clients of course)
firewall rules preventing packets to flow between LANs (dropped before or after routing)
.
As you say that routes at clients are fine, what does /ip firewall export say?
You cannot route between subnets by default. That’s the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet.
If you want 10.0.16.0/24 to route to 10.0.3.0/24 you need to create a route between them to do so. If you want the reverse you need to do the same thing in reverse. You need to tell the router that X, Y and Z subnets can route to X, Y, Z and even I (Internet) because you can tell it not to create those dynamic routes for Internet access and deny a subnet the ability to hit the Internet.
Just as an aside, I recently learned that Palo Alto does not automatically add directly connected networks to their routing tables. First time I’ve ever seen a device that “routes” not add a directly-connected route to its routing table.
I have decided to reset the Mikrotik to factory default and started my configuration over again ( Was not much config 3 Ports and 1 additional route + DHCP etc..)
Now it works.. ( Must have just been some wrong setting somewhere that I could not see)
Both Routing Between Subnet 2 Subnet and Subnets 2 internet works fine now.
